Azure AD B2C throws auth_callback_error JWT not active yet

[dg-eparizzi]

Question 💬

I'm using this repo but commented out all providers and just set Azure AD B2C.

export default NextAuth({
  providers: [
    AzureB2CProvider({
      tenantId: process.env.AZURE_AD_B2C_TENANT_NAME,
      clientId: process.env.AZURE_AD_B2C_CLIENT_ID,
      clientSecret: process.env.AZURE_AD_B2C_CLIENT_SECRET,
      primaryUserFlow: process.env.AZURE_AD_B2C_PRIMARY_USER_FLOW,
      authorization: { params: { scope: "offline_access openid" } }, // btw, this is not explained properly in the documentation
    })
  ]
 // everything else equal to the example repo...
})

I have followed the basic configuration described here. Not sure if the Advanced is also needed or optional.

I've set my Azure AD B2C callback URL to http://localhost:3000/api/auth/callback/azure-ad-b2c

When I click Sign In with Azure AD B2C, I see in the network tab of my devtools that I'm indeed being redirected to my B2C tenant /authorize endpoint and then back to /api/callback/azure-ad-b2c with a state query string param.

The browser is redirected to /api/auth/error?error=OAuthCallback and the console shows the following (debug enabled).

[next-auth][debug][OAUTH_CALLBACK_PROTECTION] {
  state: '18e7f650b6217557a54f8759c7f3f087a3df1b8d7b8c3d7a44c0831d060a9694',   
  csrfToken: 'af9b2355283971f4ba4809f0c1e41fab417bc8cd1d50fb212ec30fa4a4afa051'
}
[next-auth][debug][GET_AUTHORIZATION_URL] {
  url: 'https://dgpav2dev.b2clogin.com/dgpav2dev.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize?client_id=0d3c674a-8aaf-41c0-8bad-36ebf325f59d&scope=offline_access%20openid&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fazure-ad-b2c&nextauth=signin%2Cazure-ad-b2c&state=18e7f650b6217557a54f8759c7f3f087a3df1b8d7b8c3d7a44c0831d060a9694'
}
[next-auth][debug][PROFILE_DATA] {
  OAuthProfile: {
    exp: 1635524073,
    nbf: 1635520473,
    ver: '1.0',
    iss: 'https://dgpav2dev.b2clogin.com/bd51fb4d-a1b4-42b2-a322-3e8d6a829dd3/v2.0/',
    sub: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    aud: '0d3c674a-8aaf-41c0-8bad-36ebf325f59d',
    iat: 1635520473,
    auth_time: 1635520471,
    oid: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    newUser: true,
    country: 'Spain',
    given_name: 'Emiliano',
    state: 'Palma',
    family_name: 'Parizzi',
    tfp: 'B2C_1_signupsignin1',
    user: null
  }
}
[next-auth][error][OAUTH_PARSE_PROFILE_ERROR] 
https://next-auth.js.org/errors#oauth_parse_profile_error Cannot read property '0' of undefined {
  error: {
    message: "Cannot read property '0' of undefined",
    stack: "TypeError: Cannot read property '0' of undefined\n" +
      '    at Object.profile (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\providers\\azure-ad-b2c.js:24:30)\n' +
      '    at getProfile (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\lib\\oauth\\callback.js:161:36)\n' +
      '    at oAuthCallback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\lib\\oauth\\callback.js:131:33)\n' +
      '    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n' +
      '    at async Object.callback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\routes\\callback.js:50:11)\n' +
      '    at async NextAuthHandler (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\index.js:103:28)\n' +
      '    at async NextAuthNextHandler (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\next\\index.js:40:7)\n' +
      '    at async C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\next\\index.js:80:32\n' +
      '    at async Object.apiResolver (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next\\dist\\server\\api-utils.js:102:9)\n' +
      '    at async DevServer.handleApiRequest (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next\\dist\\server\\next-server.js:1017:9)',
    name: 'TypeError'
  },
  OAuthProfile: {
    exp: 1635524073,
    nbf: 1635520473,
    ver: '1.0',
    iss: 'https://dgpav2dev.b2clogin.com/bd51fb4d-a1b4-42b2-a322-3e8d6a829dd3/v2.0/',
    sub: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    aud: '0d3c674a-8aaf-41c0-8bad-36ebf325f59d',
    iat: 1635520473,
    auth_time: 1635520471,
    oid: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    newUser: true,
    country: 'Spain',
    given_name: 'Emiliano',
    state: 'Palma',
    family_name: 'Parizzi',
    tfp: 'B2C_1_signupsignin1',
    user: null
  },
  message: "Cannot read property '0' of undefined"
}
[next-auth][debug][OAUTH_CALLBACK_RESPONSE] {
  profile: null,
  account: null,
  OAuthProfile: {
    exp: 1635524073,
    nbf: 1635520473,
    ver: '1.0',
    iss: 'https://dgpav2dev.b2clogin.com/bd51fb4d-a1b4-42b2-a322-3e8d6a829dd3/v2.0/',
    sub: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    aud: '0d3c674a-8aaf-41c0-8bad-36ebf325f59d',
    iat: 1635520473,
    auth_time: 1635520471,
    oid: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    newUser: true,
    country: 'Spain',
    given_name: 'Emiliano',
    state: 'Palma',
    family_name: 'Parizzi',
    tfp: 'B2C_1_signupsignin1',
    user: null
  }
}
[next-auth][debug][OAUTH_CALLBACK_PROTECTION] {
  state: '18e7f650b6217557a54f8759c7f3f087a3df1b8d7b8c3d7a44c0831d060a9694',
  csrfToken: 'af9b2355283971f4ba4809f0c1e41fab417bc8cd1d50fb212ec30fa4a4afa051'
}
[next-auth][debug][GET_AUTHORIZATION_URL] {
  url: 'https://dgpav2dev.b2clogin.com/dgpav2dev.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize?client_id=0d3c674a-8aaf-41c0-8bad-36ebf325f59d&scope=offline_access%20openid&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fazure-ad-b2c&nextauth=signin%2Cazure-ad-b2c&state=18e7f650b6217557a54f8759c7f3f087a3df1b8d7b8c3d7a44c0831d060a9694'
}
[next-auth][debug][PROFILE_DATA] {
  OAuthProfile: {
    exp: 1635524313,
    nbf: 1635520713,
    ver: '1.0',
    iss: 'https://dgpav2dev.b2clogin.com/bd51fb4d-a1b4-42b2-a322-3e8d6a829dd3/v2.0/',
    sub: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    aud: '0d3c674a-8aaf-41c0-8bad-36ebf325f59d',
    iat: 1635520713,
    auth_time: 1635520710,
    oid: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    newUser: true,
    country: 'Spain',
    given_name: 'Emiliano',
    state: 'Palma',
    family_name: 'Parizzi',
    tfp: 'B2C_1_signupsignin1',
    user: null
  }
}
[next-auth][error][OAUTH_PARSE_PROFILE_ERROR] 
https://next-auth.js.org/errors#oauth_parse_profile_error Cannot read property '0' of undefined {
  error: {
    message: "Cannot read property '0' of undefined",
    stack: "TypeError: Cannot read property '0' of undefined\n" +
      '    at Object.profile (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\providers\\azure-ad-b2c.js:24:30)\n' +
      '    at getProfile (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\lib\\oauth\\callback.js:161:36)\n' +
      '    at oAuthCallback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\lib\\oauth\\callback.js:131:33)\n' +
      '    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n' +
      '    at async Object.callback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\routes\\callback.js:50:11)\n' +
      '    at async NextAuthHandler (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\index.js:103:28)\n' +
      '    at async NextAuthNextHandler (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\next\\index.js:40:7)\n' +
      '    at async C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\next\\index.js:80:32\n' +
      '    at async Object.apiResolver (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next\\dist\\server\\api-utils.js:102:9)\n' +
      '    at async DevServer.handleApiRequest (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next\\dist\\server\\next-server.js:1017:9)',
    name: 'TypeError'
  },
  OAuthProfile: {
    exp: 1635524313,
    nbf: 1635520713,
    ver: '1.0',
    iss: 'https://dgpav2dev.b2clogin.com/bd51fb4d-a1b4-42b2-a322-3e8d6a829dd3/v2.0/',
    sub: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    aud: '0d3c674a-8aaf-41c0-8bad-36ebf325f59d',
    iat: 1635520713,
    auth_time: 1635520710,
    oid: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    newUser: true,
    country: 'Spain',
    given_name: 'Emiliano',
    state: 'Palma',
    family_name: 'Parizzi',
    tfp: 'B2C_1_signupsignin1',
    user: null
  },
  message: "Cannot read property '0' of undefined"
}
[next-auth][debug][OAUTH_CALLBACK_RESPONSE] {
  profile: null,
  account: null,
  OAuthProfile: {
    exp: 1635524313,
    nbf: 1635520713,
    ver: '1.0',
    iss: 'https://dgpav2dev.b2clogin.com/bd51fb4d-a1b4-42b2-a322-3e8d6a829dd3/v2.0/',
    sub: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
PS C:\Users\epari\Coding\next-auth-example> npm run dev

> next-auth-example@0.0.0 dev C:\Users\epari\Coding\next-auth-example
> next

ready - started server on 0.0.0.0:3000, url: http://localhost:3000
info  - Loaded env from C:\Users\epari\Coding\next-auth-example\.env.local
event - compiled successfully in 2.2s (190 modules)
warn  - using beta Middleware (not covered by semver) - https://nextjs.org/docs/messages/beta-middleware
wait  - compiling /_middleware (client only)...
event - compiled successfully in 371 ms (306 modules)
wait  - compiling /api/auth/[...nextauth] (server only)...
event - compiled successfully in 160 ms (318 modules)
[next-auth][debug][OAUTH_CALLBACK_PROTECTION] {
  state: '18e7f650b6217557a54f8759c7f3f087a3df1b8d7b8c3d7a44c0831d060a9694',   
  csrfToken: 'af9b2355283971f4ba4809f0c1e41fab417bc8cd1d50fb212ec30fa4a4afa051'
}
[next-auth][debug][GET_AUTHORIZATION_URL] {
  url: 'https://dgpav2dev.b2clogin.com/dgpav2dev.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize?client_id=0d3c674a-8aaf-41c0-8bad-36ebf325f59d&scope=offline_access%20openid&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fazure-ad-b2c&nextauth=signin%2Cazure-ad-b2c&state=18e7f650b6217557a54f8759c7f3f087a3df1b8d7b8c3d7a44c0831d060a9694'
}
[next-auth][error][OAUTH_CALLBACK_ERROR] 
https://next-auth.js.org/errors#oauth_callback_error JWT not active yet, now 1635520790, nbf 1635520791 {
  error: {
    message: 'JWT not active yet, now 1635520790, nbf 1635520791',
    stack: 'RPError: JWT not active yet, now 1635520790, nbf 1635520791\n' +
      '    at Client.validateJWT (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\openid-client\\lib\\client.js:888:15)\n' +
      '    at Client.validateIdToken (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\openid-client\\lib\\client.js:706:60)\n' +        
      '    at Client.callback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\openid-client\\lib\\client.js:462:18)\n' +
      '    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n' +
      '    at async oAuthCallback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\lib\\oauth\\callback.js:103:16)\n' +
      '    at async Object.callback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\routes\\callback.js:50:11)\n' +   
      '    at async NextAuthHandler (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\index.js:103:28)\n' +
      '    at async NextAuthNextHandler (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\next\\index.js:40:7)\n' +
      '    at async C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\next\\index.js:80:32\n' +
      '    at async Object.apiResolver (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next\\dist\\server\\api-utils.js:102:9)',       
    name: 'RPError'
  },
  providerId: 'azure-ad-b2c',
  message: 'JWT not active yet, now 1635520790, nbf 1635520791'
}
[next-auth][error][CALLBACK_OAUTH_ERROR] 
https://next-auth.js.org/errors#callback_oauth_error JWT not active yet, now 1635520790, nbf 1635520791 RPError: JWT not active yet, now 1635520790, nbf 1635520791        
    at Client.validateJWT (C:\Users\epari\Coding\next-auth-example\node_modules\openid-client\lib\client.js:888:15)
    at Client.validateIdToken (C:\Users\epari\Coding\next-auth-example\node_modules\openid-client\lib\client.js:706:60)
    at Client.callback (C:\Users\epari\Coding\next-auth-example\node_modules\openid-client\lib\client.js:462:18)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async oAuthCallback (C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\core\lib\oauth\callback.js:103:16)
    at async Object.callback (C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\core\routes\callback.js:50:11)
    at async NextAuthHandler (C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\core\index.js:103:28)
    at async NextAuthNextHandler (C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\next\index.js:40:7)
    at async C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\next\index.js:80:32
    at async Object.apiResolver (C:\Users\epari\Coding\next-auth-example\node_modules\next\dist\server\api-utils.js:102:9) {
  name: 'OAuthCallbackError'
}

It seems it cannot read the profile. What am I missing here?

Anyway, better documentation and examples would be highly appreciated.

How to reproduce ☕️

https://github.com/nextauthjs/next-auth-example.git

Contributing 🙌🏽

Yes, I am willing to help answer this question in a PR

[dg-eparizzi]

Ok, I think I was missing some of the return claims in the user flow. I've now selected all those described in the docs.

Collect attribute:

• Email Address
• Display Name
• Given Name
• Surname

Return claim:

• Email Addresses
• Display Name
• Given Name
• Surname
• Identity Provider
• Identity Provider Access Token
• User's Object ID

Now I get

[next-auth][error][OAUTH_CALLBACK_ERROR] 
https://next-auth.js.org/errors#oauth_callback_error JWT not active yet, now 1635520790, nbf 1635520791 {
  error: {
    message: 'JWT not active yet, now 1635520790, nbf 1635520791',
    stack: 'RPError: JWT not active yet, now 1635520790, nbf 1635520791\n' +
      '    at Client.validateJWT (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\openid-client\\lib\\client.js:888:15)\n' +
      '    at Client.validateIdToken (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\openid-client\\lib\\client.js:706:60)\n' +        
      '    at Client.callback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\openid-client\\lib\\client.js:462:18)\n' +
      '    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n' +
      '    at async oAuthCallback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\lib\\oauth\\callback.js:103:16)\n' +
      '    at async Object.callback (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\routes\\callback.js:50:11)\n' +   
      '    at async NextAuthHandler (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\core\\index.js:103:28)\n' +
      '    at async NextAuthNextHandler (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\next\\index.js:40:7)\n' +
      '    at async C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next-auth\\next\\index.js:80:32\n' +
      '    at async Object.apiResolver (C:\\Users\\epari\\Coding\\next-auth-example\\node_modules\\next\\dist\\server\\api-utils.js:102:9)',       
    name: 'RPError'
  },
  providerId: 'azure-ad-b2c',
  message: 'JWT not active yet, now 1635520790, nbf 1635520791'
}
[next-auth][error][CALLBACK_OAUTH_ERROR] 
https://next-auth.js.org/errors#callback_oauth_error JWT not active yet, now 1635520790, nbf 1635520791 RPError: JWT not active yet, now 1635520790, nbf 1635520791        
    at Client.validateJWT (C:\Users\epari\Coding\next-auth-example\node_modules\openid-client\lib\client.js:888:15)
    at Client.validateIdToken (C:\Users\epari\Coding\next-auth-example\node_modules\openid-client\lib\client.js:706:60)
    at Client.callback (C:\Users\epari\Coding\next-auth-example\node_modules\openid-client\lib\client.js:462:18)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async oAuthCallback (C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\core\lib\oauth\callback.js:103:16)
    at async Object.callback (C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\core\routes\callback.js:50:11)
    at async NextAuthHandler (C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\core\index.js:103:28)
    at async NextAuthNextHandler (C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\next\index.js:40:7)
    at async C:\Users\epari\Coding\next-auth-example\node_modules\next-auth\next\index.js:80:32
    at async Object.apiResolver (C:\Users\epari\Coding\next-auth-example\node_modules\next\dist\server\api-utils.js:102:9) {
  name: 'OAuthCallbackError'
}

[dg-eparizzi]

The Configuration (Advanced) described here says we need to "Add a Web API application" and links to here, but this page shows a guide to register two applications (a web API and a SPA). We have already registered one in the Basic Configuration, so it's not clear what needs to be done here exactly...

[balazsorban44]

I did the testing on this together with @BenjaminWFox, maybe he has some insights on how to configure Azure B2C for you.

Relevant PR: #2862

[BenjaminWFox-Lumedic]

Haha this is a terrible error 😢 I don't think there is anything wrong with your B2C setup per-se, because by all accounts you are logging in with a B2C-issued token. ​It suggests that there is some disconnect between your local machine time and the server time when the token is issued.

I'm on MacOS, and if I manually set my date/time (to yesterday, or even to 1 hour ago) with a default B2C User Policy I can reproduce this error.

I'm not sure whose fault this is...like is this a commonly produceable error with a user in Hawaii and a B2C server in US Mainland? Or is it only an issue if the user has somehow manually adjusted their time?

@dg-eparizzi can you confirm if your system time is set manually or synced automatically?

Unrelatedly, thanks for the callout on authorization: { params: { scope: "offline_access openid" } }, - I don't actually think it's needed, although would have to test a little more to confirm

[dg-eparizzi]

My Windows machine has the time sync. I don't think an user in Hawaii and a server in US mainland has anything to do with this. Tokens are issued in UTC. Timezones shouldn't matter. So, this error suggests that Azure Ad B2C does issue a token and redirect back to my next app. But then NextAuth throws because the jwt is valid from a timestamp that is in the future as per my computer clock? El 29 oct. 2021 21:49, Ben Fox ***@***.***> escribió: Haha this is a terrible error 😢 I don't think there is anything wrong with your B2C setup per-se, because by all accounts you are logging in with a B2C-issued token. It suggests that there is some disconnect between your local machine time and the server time when the token is issued. I'm on MacOS, and if I manually set my date/time (to yesterday, or even to 1 hour ago) with a default B2C User Policy I can reproduce this error. I'm not sure whose fault this is...like is this a commonly produceable error with a user in Hawaii and a B2C server in US Mainland? Or is it only an issue if the user has somehow manually adjusted their time? @dg-eparizzi<https://secure-web.cisco.com/1okgkOhnLcqmyPvllN4RlgpHlDL1uAhBzlRuqHFH2kjRhIX3kMuinkEhz4MDji_ai7BrHAF865N6Up72hv7N70NjwIcf8FzGQyOSr92NRgUp1-4g8Ww107WVU0Lk23HAu0reUhwmnIIHST_URH6LeeGOPb3SI0QCalBlxU8SQhGJAhOjlh1GVXb6k28WD6hrAqroZLUTbWzcWOhoHFjU7n2PBg7MX1UeGiWtjCr68KilahT31FLF9yRJ3RpvEm7odqnJhNR074IwY1LXtA-wicxeXYOjmmMw4NpuVq-aCpMPEyySoRCiggPiUUtPTXRue/https%3A%2F%2Fgithub.com%2Fdg-eparizzi> can you confirm if your system time is set manually or synced automatically? Unrelatedly, thanks for the callout on authorization: { params: { scope: "offline_access openid" } }, - I don't actually think it's needed, although would have to test a little more to confirm — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<https://secure-web.cisco.com/179_ZqRN8WOMqlMpidNpK3JcDkOmJHiRU8K7cehqhxKc5c-TDakTWuX8w7eQBcQ28--SFT8DaEv93wFQuw28XNMAjKu3fO5Snq7MdGnX9AlzIZ2c1fWHFL5ZNhMapkTCuVkWeNQFYEVwBShAre8F94GpiKABOjOtM-Rt9qjUh2L6hv6Q9LTSkQfNBjKWBFAoGF-mpnFW5OqR7kv7Ol6DOnSaMrq9dFJLDlEQEZzlXOsYrNwp2WMn1FVKpX-VHGI2EvmSC7QqBb6M7v9atSqBOY4fD5spDgSdiak7Bi33UlvTwM0_854beiQVtYdpauiTI/https%3A%2F%2Fgithub.com%2Fnextauthjs%2Fnext-auth%2Fissues%2F3067%23issuecomment-955008617>, or unsubscribe<https://secure-web.cisco.com/1tRTAGUzuhdjUJNSwUzjoyQYh1n-KB31Rmrf-rmCvn7k_EWwGQsd9jjXqHb9n7hnaglY221GQ737bLyN7cdBtjPRpZWNwVtEYsqINuRbLEd-aOB4BeNJgStWg1vMPv_wql2hNfs_UEPNUFDsMkuPMB7FjFJiWbNa-K28RaKhjerWFAg3g4R2uHl8nuYTVycvQ-jdm5ikGFvvt-em1CgkSiKCNaDhplplyo3aDxf3zDf5YdTxC8JSoqf1JtwP7pSQDA4rhvWum-dkuFe1pb1rMFZTazG6xkJgNyNuEFp576V1fEPlX1UwnLRPoK-JBLGMe/https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FARIYOHLXKASHJ4KACDLIGBDUJL3FJANCNFSM5G7SWALA>. Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. This e-mail and any attachments herein may contain confidential or privileged information and is for the exclusive use of the intended recipient(s) named above. If you are not the intended recipient(s), you should not disseminate, distribute, retain, copy or otherwise use any information contained herein. If you have received this e-mail in error, please notify the sender immediately by replying to this message and delete this e-mail and associated attachments. Our company does not guarantee this e-mail is secure or free from viruses. 이 메시지 및 첨부자료는 법률상 비밀로 보호되어야 할 내용을 포함하고 있고 정당한 수신인에게만 전달할 목적으로 발송되었으므로 정당한 수신인이 아니라면 내용의 공개, 배포, 보관은 물론 어떤 용도로도 이를 이용할 수 없으며, 본 메일의 잘못된 취급으로 발생하는 안전성 문제에 관하여 당사는 아무런 책임도 지지 아니함을 알려 드립니다. 잘못 수신하신 경우에는 즉시 송신자에게 회신하여 알려주신 후 삭제하여 주시기 바랍니다. 협조에 감사 드립니다.

[BenjaminWFox]

That's what it seems like yep, and, I think you're right that a user in any particular place would not have issues, that would be too obviously breaking. I tested a bit more setting my computer to different timezones and VPNing to various places and had no issues except for when I explicitly set the time back.

Is your project only in local development or is there another machine you can test on? Just to confirm that B2C is working, you should also be able to go into your tenant directly and run the User Flow, setting the callback URL to https://jwt.ms/ (may need to add as a callback URL in the app registration). Then you could at least compare the timestrings from that to one you generate on your machine.

It looks specifically like this error is thrown by the openid-client package. Issue requesting the errors and PR that introduces the error string:
panva/openid-client#250
panva/openid-client@fe3db5c

[balazsorban44]

I also found similar issues: https://github.com/panva/node-openid-client/issues?q=clock+skew

That package actually has a nice way of mitigating this https://github.com/panva/node-openid-client/blob/main/docs/README.md#customizing-clock-skew-tolerance

But I am not sure yet how we can expose that in next-auth.

[balazsorban44]

After I've talked to someone about this, I think we can set a few seconds clock tolerance in the core to mitigate your issue. I'll open a PR.

[dg-eparizzi]

I've manually clicked "Sync Time" on my Windows machine and now that issue seems to be resolved. Anyway, I think an option to allow for a few seconds of tolerance would be a nice feature.

But still, I can't get Azure AD B2C working properly. I'm using the Prisma Adapter and the GitHub provider works fine.
The "Run User Flow" works well and I get to see my token in https://jwt.ms

My package.json dependencies:

  "dependencies": {
    "@next-auth/prisma-adapter": "next",
    "@prisma/client": "^3.3.0",
    "next": "^12.0.1",
    "next-auth": "4.0.0-beta.6",
    "next-connect": "^0.11.0",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
    "react-markdown": "^7.1.0"
  },

And my schema.prisma

model Account {
  id                       String  @id @default(cuid())
  userId                   String
  type                     String
  provider                 String
  providerAccountId        String
  refresh_token            String?
  refresh_token_expires_in Int?
  access_token             String?
  expires_at               Int?
  token_type               String?
  scope                    String?
  id_token                 String?
  session_state            String?
  oauth_token_secret       String?
  oauth_token              String?

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)

  @@unique([provider, providerAccountId])
}

model Session {
  id           String   @id @default(cuid())
  sessionToken String   @unique
  userId       String
  expires      DateTime
  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
}

model User {
  id            String          @id @default(cuid())
  name          String?
  email         String?         @unique
  emailVerified DateTime?
  image         String?
  accounts      Account[]
  sessions      Session[]
  posts         Post[] //TODO: Remove
  api_key       String?         @unique
  sites         SiteUserRoles[]

  @@map(name: "users")
}

model VerificationToken {
  identifier String
  token      String   @unique
  expires    DateTime

  @@unique([identifier, token])
}

Here's the NextAuth output with debug=true

[next-auth][debug][OAUTH_CALLBACK_PROTECTION] {
  state: '7728d0ebb570f225994970d84f4e36643522a164bce43d6761d17f4cdc389ccd',   
  csrfToken: '903a7a4e770af6b52fb2dc21f7acf6d11944f36a73a484f11351e09df959fe45'
}
[next-auth][debug][GET_AUTHORIZATION_URL] {
  url: 'https://dgpav2dev.b2clogin.com/dgpav2dev.onmicrosoft.com/b2c_1_signupsignin1/oauth2/v2.0/authorize?client_id=0d3c674a-8aaf-41c0-8bad-36ebf325f59d&scope=offline_access%20openid&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fazure-ad-b2c&nextauth=signin%2Cazure-ad-b2c&state=7728d0ebb570f225994970d84f4e36643522a164bce43d6761d17f4cdc389ccd'
}
[next-auth][debug][PROFILE_DATA] {
  OAuthProfile: {
    exp: 1635592091,
    nbf: 1635588491,
    ver: '1.0',
    iss: 'https://dgpav2dev.b2clogin.com/bd51fb4d-a1b4-42b2-a322-3e8d6a829dd3/v2.0/',
    sub: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    aud: '0d3c674a-8aaf-41c0-8bad-36ebf325f59d',
    iat: 1635588491,
    auth_time: 1635588488,
    oid: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    name: 'unknown',
    given_name: 'Emiliano',
    family_name: 'Parizzi',
    emails: [ 'eparizzi@gmail.com' ],
    tfp: 'B2C_1_signupsignin1',
    user: null
  }
}
[next-auth][debug][OAUTH_CALLBACK_RESPONSE] {
  profile: {
    id: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    name: 'unknown',
    email: 'eparizzi@gmail.com',
    image: null
  },
  account: {
    provider: 'azure-ad-b2c',
    type: 'oauth',
    providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    id_token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2MzU1OTIwOTEsIm5iZiI6MTYzNTU4ODQ5MSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kZ3BhdjJkZXYuYjJjbG9naW4uY29tL2JkNTFmYjRkLWExYjQtNDJiMi1hMzIyLTNlOGQ2YTgyOWRkMy92Mi4wLyIsInN1YiI6ImJjYTVkZjhjLTJkNjQtNDdkZi1iZGMxLTIwMWJkNWJlODE0NiIsImF1ZCI6IjBkM2M2NzRhLThhYWYtNDFjMC04YmFkLTM2ZWJmMzI1ZjU5ZCIsImlhdCI6MTYzNTU4ODQ5MSwiYXV0aF90aW1lIjoxNjM1NTg4NDg4LCJvaWQiOiJiY2E1ZGY4Yy0yZDY0LTQ3ZGYtYmRjMS0yMDFiZDViZTgxNDYiLCJuYW1lIjoidW5rbm93biIsImdpdmVuX25hbWUiOiJFbWlsaWFubyIsImZhbWlseV9uYW1lIjoiUGFyaXp6aSIsImVtYWlscyI6WyJlcGFyaXp6aUBnbWFpbC5jb20iXSwidGZwIjoiQjJDXzFfc2lnbnVwc2lnbmluMSJ9.sj7w4d9KwgxkAz4mwiUWnkLr60rzb_pEtQVZ7CKt8cIocBBp7gb6JkZAn_MgrKNHxeA2wQCbqj4NVouwktcmuYnK9ASmsrclT6Ose6y8ziEXknKqqLvsVueYQg3Iqjvf10j6oXFTR0mSqNkWXrLw5tbGzoycCy9aELgbl_qbyDmlRsSSy70aYDAlza3pTXd96z6CrOWVuE0Fkdpuh1K5mmYfxLaxv9hNCEVg66Bl--_Hoby0wByFES8ctU6lqm9ZBzp24sI8Ob5OiEHD0Eu6CYA2x6Z-Lz-g5bv6S2QrDOV65D6dx88xZ8dqItrEH2nKMusqD-CYy3rWMQhQGrjGsw',
    token_type: 'Bearer',
    not_before: 1635588491,
    id_token_expires_in: 3600,
    profile_info: 'eyJ2ZXIiOiIxLjAiLCJ0aWQiOiJiZDUxZmI0ZC1hMWI0LTQyYjItYTMyMi0zZThkNmE4MjlkZDMiLCJzdWIiOm51bGwsIm5hbWUiOiJ1bmtub3duIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJpZHAiOm51bGx9',
    scope: 'offline_access openid',
    refresh_token: 'eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..QlPRK3jlafawOsHQ.lD48NFMp6kFdw90gBiCtVTwoLZaZQa96iodG2r2wcz_gjaiAHKeLgwc9iUktgATTNx-NJ-kiZno8uWe6xAHi_gn6GQXa0DWuf7c0_phSnkzBJpP1Tnfe2ncqG9PvF_deqO0ityp9JDplISCRh4ytVcZpjokBe7qu-5Hr12a0PPNVJTuFxUHxRXB_HTSlsR9yLwK9gAe3MGbHN6Fpv8oga2VrtsDAleGsUfhJ4wb3b1X2Cb1kWc59T7C8a1M_N_DX7mqcg2jbYaoyfYF__2BXm06Pwr-47XsCJ9te8B2gvsidV3IgbLMxeelIODVa_zS9VkSjfYt3gxclJ_wydU0_uHPDUWjdfdLkgFBxRFGD92jYzOUMpjWzs6U89cJ-kBdMx4JRfsr-HCYXemfxxzPCcgvf61DYAIKe-MWgH5obf_EI_ujmLcVTOOvWWggjh-xr42q4tH9OOvhxJRQ8ybrrTcRdQiHnMF9C_RG1Ud_6X19SqzYM5qP7QQ9Egzzvg2_ysZ6-IcQtx3aKIn4Di-hdNWetE1ns0X1wvmd9bgjV0rQRLpv4aQGTocoW7zh251qbyhrnjLMP8GdJ1S005XI8513oyctLYqgCmLxLklM2LYrAqeQbdinNd1M.1BP2uGFOk_di-CxP7ljdFg',
    refresh_token_expires_in: 1209600
  },
  OAuthProfile: {
    exp: 1635592091,
    nbf: 1635588491,
    ver: '1.0',
    iss: 'https://dgpav2dev.b2clogin.com/bd51fb4d-a1b4-42b2-a322-3e8d6a829dd3/v2.0/',
    sub: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    aud: '0d3c674a-8aaf-41c0-8bad-36ebf325f59d',
    iat: 1635588491,
    auth_time: 1635588488,
    oid: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
    name: 'unknown',
    given_name: 'Emiliano',
    family_name: 'Parizzi',
    emails: [ 'eparizzi@gmail.com' ],
    tfp: 'B2C_1_signupsignin1',
    user: null
  }
}
[next-auth][debug][adapter_getUserByAccount] {
  args: [
    {
      providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
      provider: 'azure-ad-b2c'
    }
  ]
}
[next-auth][debug][adapter_getUserByAccount] {
  args: [
    {
      providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
      provider: 'azure-ad-b2c'
    }
  ]
}
[next-auth][debug][adapter_getUserByEmail] { args: [ 'eparizzi@gmail.com' ] }
[next-auth][debug][adapter_createUser] {
  args: [
    {
      name: 'unknown',
      email: 'eparizzi@gmail.com',
      image: null,
      emailVerified: null
    }
  ]
}
[next-auth][debug][adapter_linkAccount] {
  args: [
    {
      provider: 'azure-ad-b2c',
      type: 'oauth',
      providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
      id_token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2MzU1OTIwOTEsIm5iZiI6MTYzNTU4ODQ5MSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kZ3BhdjJkZXYuYjJjbG9naW4uY29tL2JkNTFmYjRkLWExYjQtNDJiMi1hMzIyLTNlOGQ2YTgyOWRkMy92Mi4wLyIsInN1YiI6ImJjYTVkZjhjLTJkNjQtNDdkZi1iZGMxLTIwMWJkNWJlODE0NiIsImF1ZCI6IjBkM2M2NzRhLThhYWYtNDFjMC04YmFkLTM2ZWJmMzI1ZjU5ZCIsImlhdCI6MTYzNTU4ODQ5MSwiYXV0aF90aW1lIjoxNjM1NTg4NDg4LCJvaWQiOiJiY2E1ZGY4Yy0yZDY0LTQ3ZGYtYmRjMS0yMDFiZDViZTgxNDYiLCJuYW1lIjoidW5rbm93biIsImdpdmVuX25hbWUiOiJFbWlsaWFubyIsImZhbWlseV9uYW1lIjoiUGFyaXp6aSIsImVtYWlscyI6WyJlcGFyaXp6aUBnbWFpbC5jb20iXSwidGZwIjoiQjJDXzFfc2lnbnVwc2lnbmluMSJ9.sj7w4d9KwgxkAz4mwiUWnkLr60rzb_pEtQVZ7CKt8cIocBBp7gb6JkZAn_MgrKNHxeA2wQCbqj4NVouwktcmuYnK9ASmsrclT6Ose6y8ziEXknKqqLvsVueYQg3Iqjvf10j6oXFTR0mSqNkWXrLw5tbGzoycCy9aELgbl_qbyDmlRsSSy70aYDAlza3pTXd96z6CrOWVuE0Fkdpuh1K5mmYfxLaxv9hNCEVg66Bl--_Hoby0wByFES8ctU6lqm9ZBzp24sI8Ob5OiEHD0Eu6CYA2x6Z-Lz-g5bv6S2QrDOV65D6dx88xZ8dqItrEH2nKMusqD-CYy3rWMQhQGrjGsw',
      token_type: 'Bearer',
      not_before: 1635588491,
      id_token_expires_in: 3600,
      profile_info: 'eyJ2ZXIiOiIxLjAiLCJ0aWQiOiJiZDUxZmI0ZC1hMWI0LTQyYjItYTMyMi0zZThkNmE4MjlkZDMiLCJzdWIiOm51bGwsIm5hbWUiOiJ1bmtub3duIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJpZHAiOm51bGx9',
      scope: 'offline_access openid',
      refresh_token: 'eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..QlPRK3jlafawOsHQ.lD48NFMp6kFdw90gBiCtVTwoLZaZQa96iodG2r2wcz_gjaiAHKeLgwc9iUktgATTNx-NJ-kiZno8uWe6xAHi_gn6GQXa0DWuf7c0_phSnkzBJpP1Tnfe2ncqG9PvF_deqO0ityp9JDplISCRh4ytVcZpjokBe7qu-5Hr12a0PPNVJTuFxUHxRXB_HTSlsR9yLwK9gAe3MGbHN6Fpv8oga2VrtsDAleGsUfhJ4wb3b1X2Cb1kWc59T7C8a1M_N_DX7mqcg2jbYaoyfYF__2BXm06Pwr-47XsCJ9te8B2gvsidV3IgbLMxeelIODVa_zS9VkSjfYt3gxclJ_wydU0_uHPDUWjdfdLkgFBxRFGD92jYzOUMpjWzs6U89cJ-kBdMx4JRfsr-HCYXemfxxzPCcgvf61DYAIKe-MWgH5obf_EI_ujmLcVTOOvWWggjh-xr42q4tH9OOvhxJRQ8ybrrTcRdQiHnMF9C_RG1Ud_6X19SqzYM5qP7QQ9Egzzvg2_ysZ6-IcQtx3aKIn4Di-hdNWetE1ns0X1wvmd9bgjV0rQRLpv4aQGTocoW7zh251qbyhrnjLMP8GdJ1S005XI8513oyctLYqgCmLxLklM2LYrAqeQbdinNd1M.1BP2uGFOk_di-CxP7ljdFg',
      refresh_token_expires_in: 1209600,
      userId: 'ckvdn5po70006dctwzvrbofas'
    }
  ]
}
[next-auth][error][adapter_error_linkAccount] 
https://next-auth.js.org/errors#adapter_error_linkaccount
Invalid `p.account.create()` invocation in
C:\Users\epari\Coding\pa-web-v2\node_modules\@next-auth\prisma-adapter\dist\index.js:19:42

  16 },
  17 updateUser: (data) => p.user.update({ where: { id: data.id }, data }),
  18 deleteUser: (id) => p.user.delete({ where: { id } }),
→ 19 linkAccount: (data) => p.account.create({
       data: {
         provider: 'azure-ad-b2c',
         type: 'oauth',
         providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
         id_token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2MzU1OTIwOTEsIm5iZiI6MTYzNTU4ODQ5MSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kZ3BhdjJkZXYuYjJjbG9naW4uY29tL2JkNTFmYjRkLWExYjQtNDJiMi1hMzIyLTNlOGQ2YTgyOWRkMy92Mi4wLyIsInN1YiI6ImJjYTVkZjhjLTJkNjQtNDdkZi1iZGMxLTIwMWJkNWJlODE0NiIsImF1ZCI6IjBkM2M2NzRhLThhYWYtNDFjMC04YmFkLTM2ZWJmMzI1ZjU5ZCIsImlhdCI6MTYzNTU4ODQ5MSwiYXV0aF90aW1lIjoxNjM1NTg4NDg4LCJvaWQiOiJiY2E1ZGY4Yy0yZDY0LTQ3ZGYtYmRjMS0yMDFiZDViZTgxNDYiLCJuYW1lIjoidW5rbm93biIsImdpdmVuX25hbWUiOiJFbWlsaWFubyIsImZhbWlseV9uYW1lIjoiUGFyaXp6aSIsImVtYWlscyI6WyJlcGFyaXp6aUBnbWFpbC5jb20iXSwidGZwIjoiQjJDXzFfc2lnbnVwc2lnbmluMSJ9.sj7w4d9KwgxkAz4mwiUWnkLr60rzb_pEtQVZ7CKt8cIocBBp7gb6JkZAn_MgrKNHxeA2wQCbqj4NVouwktcmuYnK9ASmsrclT6Ose6y8ziEXknKqqLvsVueYQg3Iqjvf10j6oXFTR0mSqNkWXrLw5tbGzoycCy9aELgbl_qbyDmlRsSSy70aYDAlza3pTXd96z6CrOWVuE0Fkdpuh1K5mmYfxLaxv9hNCEVg66Bl--_Hoby0wByFES8ctU6lqm9ZBzp24sI8Ob5OiEHD0Eu6CYA2x6Z-Lz-g5bv6S2QrDOV65D6dx88xZ8dqItrEH2nKMusqD-CYy3rWMQhQGrjGsw',
         token_type: 'Bearer',
         not_before: 1635588491,
         ~~~~~~~~~~
         id_token_expires_in: 3600,
         ~~~~~~~~~~~~~~~~~~~
         profile_info: 'eyJ2ZXIiOiIxLjAiLCJ0aWQiOiJiZDUxZmI0ZC1hMWI0LTQyYjItYTMyMi0zZThkNmE4MjlkZDMiLCJzdWIiOm51bGwsIm5hbWUiOiJ1bmtub3duIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJpZHAiOm51bGx9',
         ~~~~~~~~~~~~
         scope: 'offline_access openid',
         refresh_token: 'eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..QlPRK3jlafawOsHQ.lD48NFMp6kFdw90gBiCtVTwoLZaZQa96iodG2r2wcz_gjaiAHKeLgwc9iUktgATTNx-NJ-kiZno8uWe6xAHi_gn6GQXa0DWuf7c0_phSnkzBJpP1Tnfe2ncqG9PvF_deqO0ityp9JDplISCRh4ytVcZpjokBe7qu-5Hr12a0PPNVJTuFxUHxRXB_HTSlsR9yLwK9gAe3MGbHN6Fpv8oga2VrtsDAleGsUfhJ4wb3b1X2Cb1kWc59T7C8a1M_N_DX7mqcg2jbYaoyfYF__2BXm06Pwr-47XsCJ9te8B2gvsidV3IgbLMxeelIODVa_zS9VkSjfYt3gxclJ_wydU0_uHPDUWjdfdLkgFBxRFGD92jYzOUMpjWzs6U89cJ-kBdMx4JRfsr-HCYXemfxxzPCcgvf61DYAIKe-MWgH5obf_EI_ujmLcVTOOvWWggjh-xr42q4tH9OOvhxJRQ8ybrrTcRdQiHnMF9C_RG1Ud_6X19SqzYM5qP7QQ9Egzzvg2_ysZ6-IcQtx3aKIn4Di-hdNWetE1ns0X1wvmd9bgjV0rQRLpv4aQGTocoW7zh251qbyhrnjLMP8GdJ1S005XI8513oyctLYqgCmLxLklM2LYrAqeQbdinNd1M.1BP2uGFOk_di-CxP7ljdFg',
         refresh_token_expires_in: 1209600,
         userId: 'ckvdn5po70006dctwzvrbofas'
       }
     })

Unknown arg `not_before` in data.not_before for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}
Unknown arg `id_token_expires_in` in data.id_token_expires_in for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}
Unknown arg `profile_info` in data.profile_info for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}

 {
  message: '\n' +
    'Invalid `p.account.create()` invocation in\n' +
    'C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@next-auth\\prisma-adapter\\dist\\index.js:19:42\n' +
    '\n' +
    '  16 },\n' +
    '  17 updateUser: (data) => p.user.update({ where: { id: data.id }, data }),\n' +
    '  18 deleteUser: (id) => p.user.delete({ where: { id } }),\n' +
    '→ 19 linkAccount: (data) => p.account.create({\n' +
    '       data: {\n' +
    "         provider: 'azure-ad-b2c',\n" +
    "         type: 'oauth',\n" +
    "         providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',\n" +
    "         id_token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2MzU1OTIwOTEsIm5iZiI6MTYzNTU4ODQ5MSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kZ3BhdjJkZXYuYjJjbG9naW4uY29tL2JkNTFmYjRkLWExYjQtNDJiMi1hMzIyLTNlOGQ2YTgyOWRkMy92Mi4wLyIsInN1YiI6ImJjYTVkZjhjLTJkNjQtNDdkZi1iZGMxLTIwMWJkNWJlODE0NiIsImF1ZCI6IjBkM2M2NzRhLThhYWYtNDFjMC04YmFkLTM2ZWJmMzI1ZjU5ZCIsImlhdCI6MTYzNTU4ODQ5MSwiYXV0aF90aW1lIjoxNjM1NTg4NDg4LCJvaWQiOiJiY2E1ZGY4Yy0yZDY0LTQ3ZGYtYmRjMS0yMDFiZDViZTgxNDYiLCJuYW1lIjoidW5rbm93biIsImdpdmVuX25hbWUiOiJFbWlsaWFubyIsImZhbWlseV9uYW1lIjoiUGFyaXp6aSIsImVtYWlscyI6WyJlcGFyaXp6aUBnbWFpbC5jb20iXSwidGZwIjoiQjJDXzFfc2lnbnVwc2lnbmluMSJ9.sj7w4d9KwgxkAz4mwiUWnkLr60rzb_pEtQVZ7CKt8cIocBBp7gb6JkZAn_MgrKNHxeA2wQCbqj4NVouwktcmuYnK9ASmsrclT6Ose6y8ziEXknKqqLvsVueYQg3Iqjvf10j6oXFTR0mSqNkWXrLw5tbGzoycCy9aELgbl_qbyDmlRsSSy70aYDAlza3pTXd96z6CrOWVuE0Fkdpuh1K5mmYfxLaxv9hNCEVg66Bl--_Hoby0wByFES8ctU6lqm9ZBzp24sI8Ob5OiEHD0Eu6CYA2x6Z-Lz-g5bv6S2QrDOV65D6dx88xZ8dqItrEH2nKMusqD-CYy3rWMQhQGrjGsw',\n" +
    "         token_type: 'Bearer',\n" +
    '         not_before: 1635588491,\n' +
    '         ~~~~~~~~~~\n' +
    '         id_token_expires_in: 3600,\n' +
    '         ~~~~~~~~~~~~~~~~~~~\n' +
    "         profile_info: 'eyJ2ZXIiOiIxLjAiLCJ0aWQiOiJiZDUxZmI0ZC1hMWI0LTQyYjItYTMyMi0zZThkNmE4MjlkZDMiLCJzdWIiOm51bGwsIm5hbWUiOiJ1bmtub3duIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJpZHAiOm51bGx9',\n" +
    '         ~~~~~~~~~~~~\n' +
    "         scope: 'offline_access openid',\n" +
    "         refresh_token: 'eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..QlPRK3jlafawOsHQ.lD48NFMp6kFdw90gBiCtVTwoLZaZQa96iodG2r2wcz_gjaiAHKeLgwc9iUktgATTNx-NJ-kiZno8uWe6xAHi_gn6GQXa0DWuf7c0_phSnkzBJpP1Tnfe2ncqG9PvF_deqO0ityp9JDplISCRh4ytVcZpjokBe7qu-5Hr12a0PPNVJTuFxUHxRXB_HTSlsR9yLwK9gAe3MGbHN6Fpv8oga2VrtsDAleGsUfhJ4wb3b1X2Cb1kWc59T7C8a1M_N_DX7mqcg2jbYaoyfYF__2BXm06Pwr-47XsCJ9te8B2gvsidV3IgbLMxeelIODVa_zS9VkSjfYt3gxclJ_wydU0_uHPDUWjdfdLkgFBxRFGD92jYzOUMpjWzs6U89cJ-kBdMx4JRfsr-HCYXemfxxzPCcgvf61DYAIKe-MWgH5obf_EI_ujmLcVTOOvWWggjh-xr42q4tH9OOvhxJRQ8ybrrTcRdQiHnMF9C_RG1Ud_6X19SqzYM5qP7QQ9Egzzvg2_ysZ6-IcQtx3aKIn4Di-hdNWetE1ns0X1wvmd9bgjV0rQRLpv4aQGTocoW7zh251qbyhrnjLMP8GdJ1S005XI8513oyctLYqgCmLxLklM2LYrAqeQbdinNd1M.1BP2uGFOk_di-CxP7ljdFg',\n" +
    '         refresh_token_expires_in: 1209600,\n' +
    "         userId: 'ckvdn5po70006dctwzvrbofas'\n" +
    '       }\n' +
    '     })\n' +
    '\n' +
    'Unknown arg `not_before` in data.not_before for type AccountUncheckedCreateInput. Available args:\n' +
    '\n' +
    'type AccountUncheckedCreateInput {\n' +
    '  id?: String\n' +
    '  userId: String\n' +
    '  type: String\n' +
    '  provider: String\n' +
    '  providerAccountId: String\n' +
    '  refresh_token?: String | Null\n' +
    '  refresh_token_expires_in?: Int | Null\n' +
    '  access_token?: String | Null\n' +
    '  expires_at?: Int | Null\n' +
    '  token_type?: String | Null\n' +
    '  scope?: String | Null\n' +
    '  id_token?: String | Null\n' +
    '  session_state?: String | Null\n' +
    '  oauth_token_secret?: String | Null\n' +
    '  oauth_token?: String | Null\n' +
    '}\n' +
    'Unknown arg `id_token_expires_in` in data.id_token_expires_in for type AccountUncheckedCreateInput. Available args:\n' +
    '\n' +
    'type AccountUncheckedCreateInput {\n' +
    '  id?: String\n' +
    '  userId: String\n' +
    '  type: String\n' +
    '  provider: String\n' +
    '  providerAccountId: String\n' +
    '  refresh_token?: String | Null\n' +
    '  refresh_token_expires_in?: Int | Null\n' +
    '  access_token?: String | Null\n' +
    '  expires_at?: Int | Null\n' +
    '  token_type?: String | Null\n' +
    '  scope?: String | Null\n' +
    '  id_token?: String | Null\n' +
    '  session_state?: String | Null\n' +
    '  oauth_token_secret?: String | Null\n' +
    '  oauth_token?: String | Null\n' +
    '}\n' +
    'Unknown arg `profile_info` in data.profile_info for type AccountUncheckedCreateInput. Available args:\n' +
    '\n' +
    'type AccountUncheckedCreateInput {\n' +
    '  id?: String\n' +
    '  userId: String\n' +
    '  type: String\n' +
    '  provider: String\n' +
    '  providerAccountId: String\n' +
    '  refresh_token?: String | Null\n' +
    '  refresh_token_expires_in?: Int | Null\n' +
    '  access_token?: String | Null\n' +
    '  expires_at?: Int | Null\n' +
    '  token_type?: String | Null\n' +
    '  scope?: String | Null\n' +
    '  id_token?: String | Null\n' +
    '  session_state?: String | Null\n' +
    '  oauth_token_secret?: String | Null\n' +
    '  oauth_token?: String | Null\n' +
    '}\n' +
    '\n',
  stack: 'Error: \n' +
    'Invalid `p.account.create()` invocation in\n' +
    'C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@next-auth\\prisma-adapter\\dist\\index.js:19:42\n' +
    '\n' +
    '  16 },\n' +
    '  17 updateUser: (data) => p.user.update({ where: { id: data.id }, data }),\n' +
    '  18 deleteUser: (id) => p.user.delete({ where: { id } }),\n' +
    '→ 19 linkAccount: (data) => p.account.create({\n' +
    '       data: {\n' +
    "         provider: 'azure-ad-b2c',\n" +
    "         type: 'oauth',\n" +
    "         providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',\n" +
    "         id_token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2MzU1OTIwOTEsIm5iZiI6MTYzNTU4ODQ5MSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kZ3BhdjJkZXYuYjJjbG9naW4uY29tL2JkNTFmYjRkLWExYjQtNDJiMi1hMzIyLTNlOGQ2YTgyOWRkMy92Mi4wLyIsInN1YiI6ImJjYTVkZjhjLTJkNjQtNDdkZi1iZGMxLTIwMWJkNWJlODE0NiIsImF1ZCI6IjBkM2M2NzRhLThhYWYtNDFjMC04YmFkLTM2ZWJmMzI1ZjU5ZCIsImlhdCI6MTYzNTU4ODQ5MSwiYXV0aF90aW1lIjoxNjM1NTg4NDg4LCJvaWQiOiJiY2E1ZGY4Yy0yZDY0LTQ3ZGYtYmRjMS0yMDFiZDViZTgxNDYiLCJuYW1lIjoidW5rbm93biIsImdpdmVuX25hbWUiOiJFbWlsaWFubyIsImZhbWlseV9uYW1lIjoiUGFyaXp6aSIsImVtYWlscyI6WyJlcGFyaXp6aUBnbWFpbC5jb20iXSwidGZwIjoiQjJDXzFfc2lnbnVwc2lnbmluMSJ9.sj7w4d9KwgxkAz4mwiUWnkLr60rzb_pEtQVZ7CKt8cIocBBp7gb6JkZAn_MgrKNHxeA2wQCbqj4NVouwktcmuYnK9ASmsrclT6Ose6y8ziEXknKqqLvsVueYQg3Iqjvf10j6oXFTR0mSqNkWXrLw5tbGzoycCy9aELgbl_qbyDmlRsSSy70aYDAlza3pTXd96z6CrOWVuE0Fkdpuh1K5mmYfxLaxv9hNCEVg66Bl--_Hoby0wByFES8ctU6lqm9ZBzp24sI8Ob5OiEHD0Eu6CYA2x6Z-Lz-g5bv6S2QrDOV65D6dx88xZ8dqItrEH2nKMusqD-CYy3rWMQhQGrjGsw',\n" +
    "         token_type: 'Bearer',\n" +
    '         not_before: 1635588491,\n' +
    '         ~~~~~~~~~~\n' +
    '         id_token_expires_in: 3600,\n' +
    '         ~~~~~~~~~~~~~~~~~~~\n' +
    "         profile_info: 'eyJ2ZXIiOiIxLjAiLCJ0aWQiOiJiZDUxZmI0ZC1hMWI0LTQyYjItYTMyMi0zZThkNmE4MjlkZDMiLCJzdWIiOm51bGwsIm5hbWUiOiJ1bmtub3duIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJpZHAiOm51bGx9',\n" +
    '         ~~~~~~~~~~~~\n' +
    "         scope: 'offline_access openid',\n" +
    "         refresh_token: 'eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..QlPRK3jlafawOsHQ.lD48NFMp6kFdw90gBiCtVTwoLZaZQa96iodG2r2wcz_gjaiAHKeLgwc9iUktgATTNx-NJ-kiZno8uWe6xAHi_gn6GQXa0DWuf7c0_phSnkzBJpP1Tnfe2ncqG9PvF_deqO0ityp9JDplISCRh4ytVcZpjokBe7qu-5Hr12a0PPNVJTuFxUHxRXB_HTSlsR9yLwK9gAe3MGbHN6Fpv8oga2VrtsDAleGsUfhJ4wb3b1X2Cb1kWc59T7C8a1M_N_DX7mqcg2jbYaoyfYF__2BXm06Pwr-47XsCJ9te8B2gvsidV3IgbLMxeelIODVa_zS9VkSjfYt3gxclJ_wydU0_uHPDUWjdfdLkgFBxRFGD92jYzOUMpjWzs6U89cJ-kBdMx4JRfsr-HCYXemfxxzPCcgvf61DYAIKe-MWgH5obf_EI_ujmLcVTOOvWWggjh-xr42q4tH9OOvhxJRQ8ybrrTcRdQiHnMF9C_RG1Ud_6X19SqzYM5qP7QQ9Egzzvg2_ysZ6-IcQtx3aKIn4Di-hdNWetE1ns0X1wvmd9bgjV0rQRLpv4aQGTocoW7zh251qbyhrnjLMP8GdJ1S005XI8513oyctLYqgCmLxLklM2LYrAqeQbdinNd1M.1BP2uGFOk_di-CxP7ljdFg',\n" +
    '         refresh_token_expires_in: 1209600,\n' +
    "         userId: 'ckvdn5po70006dctwzvrbofas'\n" +
    '       }\n' +
    '     })\n' +
    '\n' +
    'Unknown arg `not_before` in data.not_before for type AccountUncheckedCreateInput. Available args:\n' +
    '\n' +
    'type AccountUncheckedCreateInput {\n' +
    '  id?: String\n' +
    '  userId: String\n' +
    '  type: String\n' +
    '  provider: String\n' +
    '  providerAccountId: String\n' +
    '  refresh_token?: String | Null\n' +
    '  refresh_token_expires_in?: Int | Null\n' +
    '  access_token?: String | Null\n' +
    '  expires_at?: Int | Null\n' +
    '  token_type?: String | Null\n' +
    '  scope?: String | Null\n' +
    '  id_token?: String | Null\n' +
    '  session_state?: String | Null\n' +
    '  oauth_token_secret?: String | Null\n' +
    '  oauth_token?: String | Null\n' +
    '}\n' +
    'Unknown arg `id_token_expires_in` in data.id_token_expires_in for type AccountUncheckedCreateInput. Available args:\n' +
    '\n' +
    'type AccountUncheckedCreateInput {\n' +
    '  id?: String\n' +
    '  userId: String\n' +
    '  type: String\n' +
    '  provider: String\n' +
    '  providerAccountId: String\n' +
    '  refresh_token?: String | Null\n' +
    '  refresh_token_expires_in?: Int | Null\n' +
    '  access_token?: String | Null\n' +
    '  expires_at?: Int | Null\n' +
    '  token_type?: String | Null\n' +
    '  scope?: String | Null\n' +
    '  id_token?: String | Null\n' +
    '  session_state?: String | Null\n' +
    '  oauth_token_secret?: String | Null\n' +
    '  oauth_token?: String | Null\n' +
    '}\n' +
    'Unknown arg `profile_info` in data.profile_info for type AccountUncheckedCreateInput. Available args:\n' +
    '\n' +
    'type AccountUncheckedCreateInput {\n' +
    '  id?: String\n' +
    '  userId: String\n' +
    '  type: String\n' +
    '  provider: String\n' +
    '  providerAccountId: String\n' +
    '  refresh_token?: String | Null\n' +
    '  refresh_token_expires_in?: Int | Null\n' +
    '  access_token?: String | Null\n' +
    '  expires_at?: Int | Null\n' +
    '  token_type?: String | Null\n' +
    '  scope?: String | Null\n' +
    '  id_token?: String | Null\n' +
    '  session_state?: String | Null\n' +
    '  oauth_token_secret?: String | Null\n' +
    '  oauth_token?: String | Null\n' +
    '}\n' +
    '\n' +
    '\n' +
    '    at Object.validate (C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@prisma\\client\\runtime\\index.js:34787:20)\n' +       
    '    at PrismaClient._executeRequest (C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@prisma\\client\\runtime\\index.js:39581:17)\n' +
    '    at consumer (C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@prisma\\client\\runtime\\index.js:39522:23)\n' +
    '    at C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@prisma\\client\\runtime\\index.js:39526:49\n' +
    '    at AsyncResource.runInAsyncScope (async_hooks.js:197:9)\n' +
    '    at PrismaClient._request (C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@prisma\\client\\runtime\\index.js:39526:27)\n' + 
    '    at request (C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@prisma\\client\\runtime\\index.js:39631:77)\n' +
    '    at _callback (C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@prisma\\client\\runtime\\index.js:39839:14)\n' +
    '    at PrismaPromise.then (C:\\Users\\epari\\Coding\\pa-web-v2\\node_modules\\@prisma\\client\\runtime\\index.js:39846:23)',       
  name: 'Error'
}
[next-auth][error][OAUTH_CALLBACK_HANDLER_ERROR]
https://next-auth.js.org/errors#oauth_callback_handler_error
Invalid `p.account.create()` invocation in
C:\Users\epari\Coding\pa-web-v2\node_modules\@next-auth\prisma-adapter\dist\index.js:19:42

  16 },
  17 updateUser: (data) => p.user.update({ where: { id: data.id }, data }),
  18 deleteUser: (id) => p.user.delete({ where: { id } }),
→ 19 linkAccount: (data) => p.account.create({
       data: {
         provider: 'azure-ad-b2c',
         type: 'oauth',
         providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
         id_token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2MzU1OTIwOTEsIm5iZiI6MTYzNTU4ODQ5MSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kZ3BhdjJkZXYuYjJjbG9naW4uY29tL2JkNTFmYjRkLWExYjQtNDJiMi1hMzIyLTNlOGQ2YTgyOWRkMy92Mi4wLyIsInN1YiI6ImJjYTVkZjhjLTJkNjQtNDdkZi1iZGMxLTIwMWJkNWJlODE0NiIsImF1ZCI6IjBkM2M2NzRhLThhYWYtNDFjMC04YmFkLTM2ZWJmMzI1ZjU5ZCIsImlhdCI6MTYzNTU4ODQ5MSwiYXV0aF90aW1lIjoxNjM1NTg4NDg4LCJvaWQiOiJiY2E1ZGY4Yy0yZDY0LTQ3ZGYtYmRjMS0yMDFiZDViZTgxNDYiLCJuYW1lIjoidW5rbm93biIsImdpdmVuX25hbWUiOiJFbWlsaWFubyIsImZhbWlseV9uYW1lIjoiUGFyaXp6aSIsImVtYWlscyI6WyJlcGFyaXp6aUBnbWFpbC5jb20iXSwidGZwIjoiQjJDXzFfc2lnbnVwc2lnbmluMSJ9.sj7w4d9KwgxkAz4mwiUWnkLr60rzb_pEtQVZ7CKt8cIocBBp7gb6JkZAn_MgrKNHxeA2wQCbqj4NVouwktcmuYnK9ASmsrclT6Ose6y8ziEXknKqqLvsVueYQg3Iqjvf10j6oXFTR0mSqNkWXrLw5tbGzoycCy9aELgbl_qbyDmlRsSSy70aYDAlza3pTXd96z6CrOWVuE0Fkdpuh1K5mmYfxLaxv9hNCEVg66Bl--_Hoby0wByFES8ctU6lqm9ZBzp24sI8Ob5OiEHD0Eu6CYA2x6Z-Lz-g5bv6S2QrDOV65D6dx88xZ8dqItrEH2nKMusqD-CYy3rWMQhQGrjGsw',
         token_type: 'Bearer',
         not_before: 1635588491,
         ~~~~~~~~~~
         id_token_expires_in: 3600,
         ~~~~~~~~~~~~~~~~~~~
         profile_info: 'eyJ2ZXIiOiIxLjAiLCJ0aWQiOiJiZDUxZmI0ZC1hMWI0LTQyYjItYTMyMi0zZThkNmE4MjlkZDMiLCJzdWIiOm51bGwsIm5hbWUiOiJ1bmtub3duIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJpZHAiOm51bGx9',
         ~~~~~~~~~~~~
         scope: 'offline_access openid',
         refresh_token: 'eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..QlPRK3jlafawOsHQ.lD48NFMp6kFdw90gBiCtVTwoLZaZQa96iodG2r2wcz_gjaiAHKeLgwc9iUktgATTNx-NJ-kiZno8uWe6xAHi_gn6GQXa0DWuf7c0_phSnkzBJpP1Tnfe2ncqG9PvF_deqO0ityp9JDplISCRh4ytVcZpjokBe7qu-5Hr12a0PPNVJTuFxUHxRXB_HTSlsR9yLwK9gAe3MGbHN6Fpv8oga2VrtsDAleGsUfhJ4wb3b1X2Cb1kWc59T7C8a1M_N_DX7mqcg2jbYaoyfYF__2BXm06Pwr-47XsCJ9te8B2gvsidV3IgbLMxeelIODVa_zS9VkSjfYt3gxclJ_wydU0_uHPDUWjdfdLkgFBxRFGD92jYzOUMpjWzs6U89cJ-kBdMx4JRfsr-HCYXemfxxzPCcgvf61DYAIKe-MWgH5obf_EI_ujmLcVTOOvWWggjh-xr42q4tH9OOvhxJRQ8ybrrTcRdQiHnMF9C_RG1Ud_6X19SqzYM5qP7QQ9Egzzvg2_ysZ6-IcQtx3aKIn4Di-hdNWetE1ns0X1wvmd9bgjV0rQRLpv4aQGTocoW7zh251qbyhrnjLMP8GdJ1S005XI8513oyctLYqgCmLxLklM2LYrAqeQbdinNd1M.1BP2uGFOk_di-CxP7ljdFg',
         refresh_token_expires_in: 1209600,
         userId: 'ckvdn5po70006dctwzvrbofas'
       }
     })

Unknown arg `not_before` in data.not_before for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}
Unknown arg `id_token_expires_in` in data.id_token_expires_in for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}
Unknown arg `profile_info` in data.profile_info for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}

 Error:
Invalid `p.account.create()` invocation in
C:\Users\epari\Coding\pa-web-v2\node_modules\@next-auth\prisma-adapter\dist\index.js:19:42

  16 },
  17 updateUser: (data) => p.user.update({ where: { id: data.id }, data }),
  18 deleteUser: (id) => p.user.delete({ where: { id } }),
→ 19 linkAccount: (data) => p.account.create({
       data: {
         provider: 'azure-ad-b2c',
         type: 'oauth',
         providerAccountId: 'bca5df8c-2d64-47df-bdc1-201bd5be8146',
         id_token: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2MzU1OTIwOTEsIm5iZiI6MTYzNTU4ODQ5MSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9kZ3BhdjJkZXYuYjJjbG9naW4uY29tL2JkNTFmYjRkLWExYjQtNDJiMi1hMzIyLTNlOGQ2YTgyOWRkMy92Mi4wLyIsInN1YiI6ImJjYTVkZjhjLTJkNjQtNDdkZi1iZGMxLTIwMWJkNWJlODE0NiIsImF1ZCI6IjBkM2M2NzRhLThhYWYtNDFjMC04YmFkLTM2ZWJmMzI1ZjU5ZCIsImlhdCI6MTYzNTU4ODQ5MSwiYXV0aF90aW1lIjoxNjM1NTg4NDg4LCJvaWQiOiJiY2E1ZGY4Yy0yZDY0LTQ3ZGYtYmRjMS0yMDFiZDViZTgxNDYiLCJuYW1lIjoidW5rbm93biIsImdpdmVuX25hbWUiOiJFbWlsaWFubyIsImZhbWlseV9uYW1lIjoiUGFyaXp6aSIsImVtYWlscyI6WyJlcGFyaXp6aUBnbWFpbC5jb20iXSwidGZwIjoiQjJDXzFfc2lnbnVwc2lnbmluMSJ9.sj7w4d9KwgxkAz4mwiUWnkLr60rzb_pEtQVZ7CKt8cIocBBp7gb6JkZAn_MgrKNHxeA2wQCbqj4NVouwktcmuYnK9ASmsrclT6Ose6y8ziEXknKqqLvsVueYQg3Iqjvf10j6oXFTR0mSqNkWXrLw5tbGzoycCy9aELgbl_qbyDmlRsSSy70aYDAlza3pTXd96z6CrOWVuE0Fkdpuh1K5mmYfxLaxv9hNCEVg66Bl--_Hoby0wByFES8ctU6lqm9ZBzp24sI8Ob5OiEHD0Eu6CYA2x6Z-Lz-g5bv6S2QrDOV65D6dx88xZ8dqItrEH2nKMusqD-CYy3rWMQhQGrjGsw',
         token_type: 'Bearer',
         not_before: 1635588491,
         ~~~~~~~~~~
         id_token_expires_in: 3600,
         ~~~~~~~~~~~~~~~~~~~
         profile_info: 'eyJ2ZXIiOiIxLjAiLCJ0aWQiOiJiZDUxZmI0ZC1hMWI0LTQyYjItYTMyMi0zZThkNmE4MjlkZDMiLCJzdWIiOm51bGwsIm5hbWUiOiJ1bmtub3duIiwicHJlZmVycmVkX3VzZXJuYW1lIjpudWxsLCJpZHAiOm51bGx9',
         ~~~~~~~~~~~~
         scope: 'offline_access openid',
         refresh_token: 'eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..QlPRK3jlafawOsHQ.lD48NFMp6kFdw90gBiCtVTwoLZaZQa96iodG2r2wcz_gjaiAHKeLgwc9iUktgATTNx-NJ-kiZno8uWe6xAHi_gn6GQXa0DWuf7c0_phSnkzBJpP1Tnfe2ncqG9PvF_deqO0ityp9JDplISCRh4ytVcZpjokBe7qu-5Hr12a0PPNVJTuFxUHxRXB_HTSlsR9yLwK9gAe3MGbHN6Fpv8oga2VrtsDAleGsUfhJ4wb3b1X2Cb1kWc59T7C8a1M_N_DX7mqcg2jbYaoyfYF__2BXm06Pwr-47XsCJ9te8B2gvsidV3IgbLMxeelIODVa_zS9VkSjfYt3gxclJ_wydU0_uHPDUWjdfdLkgFBxRFGD92jYzOUMpjWzs6U89cJ-kBdMx4JRfsr-HCYXemfxxzPCcgvf61DYAIKe-MWgH5obf_EI_ujmLcVTOOvWWggjh-xr42q4tH9OOvhxJRQ8ybrrTcRdQiHnMF9C_RG1Ud_6X19SqzYM5qP7QQ9Egzzvg2_ysZ6-IcQtx3aKIn4Di-hdNWetE1ns0X1wvmd9bgjV0rQRLpv4aQGTocoW7zh251qbyhrnjLMP8GdJ1S005XI8513oyctLYqgCmLxLklM2LYrAqeQbdinNd1M.1BP2uGFOk_di-CxP7ljdFg',
         refresh_token_expires_in: 1209600,
         userId: 'ckvdn5po70006dctwzvrbofas'
       }
     })

Unknown arg `not_before` in data.not_before for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}
Unknown arg `id_token_expires_in` in data.id_token_expires_in for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}
Unknown arg `profile_info` in data.profile_info for type AccountUncheckedCreateInput. Available args:

type AccountUncheckedCreateInput {
  id?: String
  userId: String
  type: String
  provider: String
  providerAccountId: String
  refresh_token?: String | Null
  refresh_token_expires_in?: Int | Null
  access_token?: String | Null
  expires_at?: Int | Null
  token_type?: String | Null
  scope?: String | Null
  id_token?: String | Null
  session_state?: String | Null
  oauth_token_secret?: String | Null
  oauth_token?: String | Null
}


    at Object.validate (C:\Users\epari\Coding\pa-web-v2\node_modules\@prisma\client\runtime\index.js:34787:20)
    at PrismaClient._executeRequest (C:\Users\epari\Coding\pa-web-v2\node_modules\@prisma\client\runtime\index.js:39581:17)
    at consumer (C:\Users\epari\Coding\pa-web-v2\node_modules\@prisma\client\runtime\index.js:39522:23)
    at C:\Users\epari\Coding\pa-web-v2\node_modules\@prisma\client\runtime\index.js:39526:49
    at AsyncResource.runInAsyncScope (async_hooks.js:197:9)
    at PrismaClient._request (C:\Users\epari\Coding\pa-web-v2\node_modules\@prisma\client\runtime\index.js:39526:27)
    at request (C:\Users\epari\Coding\pa-web-v2\node_modules\@prisma\client\runtime\index.js:39631:77)
    at _callback (C:\Users\epari\Coding\pa-web-v2\node_modules\@prisma\client\runtime\index.js:39839:14)
    at PrismaPromise.then (C:\Users\epari\Coding\pa-web-v2\node_modules\@prisma\client\runtime\index.js:39846:23) {
  name: 'LinkAccountError'
}

[balazsorban44]

⚠ @dg-eparizzi you should absolutely not share some of these logs! you expose refresh, id and access tokens on your behalf! ⚠

In any case, I think the message is clear. Azure seem to send you extra data that is not in your Prisma schema. adding those fields will make the problem go away. or you could override the linkAccount adapter method to filter out only what you need.

[dg-eparizzi]

⚠ @dg-eparizzi you should absolutely not share some of these logs! you expose refresh, id and access tokens on your behalf! ⚠

I know, I know, this is just a test tenant and I'm going to delete this B2C account anyway.

[dg-eparizzi]

Can someone confirm that the Prisma schema described here works with the latest (next) versions of next-auth and the prisma adapter when using Azure AD B2C provider?